github

Nefcore / CRLFsuite

  • воскресенье, 12 июня 2022 г. в 00:29:32
https://github.com/Nefcore/CRLFsuite


Fast CRLF injection scanning tool



CRLFsuite - CRLF injection scanner

made-with-python GitHub release PyPI license GitHub forks GitHub contributors

CRLFsuite is a fast tool specially designed to scan CRLF injection.

⬇️ Installation

$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h

⚙️ Features

✔️ Single URL scanning

✔️ Multiple URL scanning

✔️ WAF detection

✔️ XSS through CRLF injection

✔️ Stdin supported

✔️ GET & POST method supported

✔️ Concurrency

✔️ Powerful payloads (WAF evasion payloads are also included)

✔️ Fast and efficient scanning with negligible false-positive

Arguments

Argument Discription
-u/--url target URL
-i/--import-urls Import targets from the file
-s/--stdin Scan URLs from stdin
-o/--output Path for output file
-m/--method Request method (GET/POST)
-d/--data POST data
-uA/--user-agent Specify User-Agent
-To/--timeout Connection timeout
-c/--cookies Specify cookies
-v/--verify Verify SSL cert.
-t/--threads Number of concurrent threads
-sB/--skip-banner Skip banner and args info
-sP/--show-payloads Show all the available CRLF payloads

Usage

Single URL scanning:

$ crlfsuite -u "http://testphp.vulnweb.com"

Multiple URLs scanning:

$ crlfsuite -i targets.txt

from stdin:

$ subfinder -d google.com -silent | httpx -silent | crlfsuite -s

Specifying cookies 🍪:

$ crlfsuite -u "http://testphp.vulnweb.com" --cookies "key=val; newkey=newval"

Using POST method:

$ crlfsuite -i targets.txt -m POST -d "key=val&newkey=newval"

License

👉 MIT LICENSE

Bug report

If You're facing some errors or issues with this tool, you can open a issue here:

👉 Open a issue